About the job

Job summary

Ofgem is an independent National Regulatory Authority and non-ministerial government department focused on protecting electricity and gas consumers' interests. It aims to ensure value for money, security of supply, sustainability for current and future generations, and oversees market development, competition, and government scheme delivery. While working closely with the government, energy industry, and other stakeholders, Ofgem maintains its independence within a legal framework set by the UK government and the European Union.

As part of our commitment to innovation and excellence, Ofgem is evolving into a Digital, Data, and Technology (DDaT) driven organisation. We aim to lead the energy sector by exemplifying best practices in managing data, digital platforms, and technology. Our forward-thinking approach seeks to revolutionise the way we operate, ensuring Ofgem and its consumers benefit from top-quality, cost-effective energy solutions delivered with unparalleled efficiency, quality, and speed.

In this key role, the successful candidate will be responsible for managing and enhancing Certificate Authority operations, including Certificate Enrolment and Policy Web Services, as well as Active Directory Certificate Services (ADCS). The position involves managing Azure key management services, supporting the Sectigo Certificate Manager (SCM) for digital certificate lifecycle management, and developing transition plans to a new Public Key Infrastructure (PKI) service.

Additionally, the role requires technical support for the PKI service, including certificate issuance and revocation, and managing App Service, private and public certificates, and Key Vault certificates. This role is critical in ensuring digital security and supporting Ofgem's mission to protect energy consumers by maintaining a secure and reliable digital infrastructure.

The role involves collaborating on PKI solutions, enhancing automated certificate management with cyber vulnerability teams, and administering SharePoint Online and Power Platform services. The candidate will oversee PKI and DLP policies, support Information Services with documentation, and manage a platform for digital certificate lifecycles to ensure secure identities across the organisation.

This Senior PKI Engineer position is a unique opportunity to be at the vanguard of securing the digital future of Britain's energy sector, contributing significantly to the safety, efficiency, and sustainability of energy consumption across the nation.

If you are ready to apply your specialised knowledge in PKI management and digital security towards making a profound difference in how energy is delivered and managed, we look forward to your application. Join us and be part of a dynamic team dedicated to advancing Ofgem's mission through technological innovation and excellence.

Job description

Ofgem is a non-ministerial government department and an independent National Regulatory Authority. Our principal objective is to protect the interests of existing and future electricity and gas consumers. We do this by promoting value for money, promoting security of supply and sustainability, for present and future generations of consumers, domestic and industrial users, the supervision and development of markets and competition, regulation and the delivery of government schemes. We work effectively with, but are independent of, government, the energy industry and other stakeholders within a legal framework determined by the UK government and the European Union. 

We are building a Digital, Data and Technology (DDaT) driven organisation at Ofgem and will lead industry by showcasing best practice when dealing with data, digital and technology in the energy sector. Our more modern, insight-driven, innovative approach to DDaT will provide outstanding experiences at the right cost, quality and pace for the whole of Ofgem and ensure consumers receive a top-quality and cost-effective supply of energy. 

Key Responsibilities 

• Manage Certificate Authority Administration, including Certificate Enrolment Web Service & Policy Web Service, and monitor Active Directory Certificate Services (ADCS). 
• Manage Azure key management services to ensure robust cryptographic key security. 
• Support the delivery of Sectigo Certificate Manager (SCM) to manage the lifecycles of digital certificates 
• Understand details of existing certificate use-cases and prepare onboarding roadmaps to the new PKI service. 
• Participate in the technical support of the PKI managed service for Ofgem as well perform certificate checks, including issuing and revoking certificates. 
• Work with App Service managed certificates, private and public certificates, and certificates from Key Vault.

Person specification

Key Outputs and Deliverables 

• Work within CDIO function to refresh, design, build, and operate PKI solutions and environments. 
• Work with Cyber vulnerability assessment teams to prioritise onboarding to automated certificate management by bringing in your technology understanding. 
• Provide technical administration for the SharePoint Online and Power Platform services ensuring end user access is automatable, auditable, and manageable. 
• Plan and manage all technical elements of the PKI service and DLP policies to ensure a sustainable service model is developed. 
• Provide documentation and resources to colleagues across Information Services, ensuring that all services are fully supported, and end users have access to appropriate technical support and information. 
• Maintain and launch a platform to manage the lifecycles of digital certificates to secure identity across our enterprise. 

Essential Criteria

• Hands on experience with PKI and Certificate deployment and automation. (Lead criteria) 
• Expertise in PKI machine identity technologies such as SSH, SSL, TLS. 
• Experience managing Key Management Systems (KMS) for cryptographic key security. 
• Good understanding of PKI systems and services, ACME protocol, Online Certificate Status Protocol and the use of RESTful APIs.   
• hands-on experience with Certificate Authority Administration, ADCS monitoring, and related tasks. 

Desirable Criteria

• A deep knowledge and understanding of Information and/or Cyber Security.  Knowledge of cybersecurity principles and practices and an understanding of security frameworks e.g., NIST, ISO27001. 

Benefits

Alongside your salary of £43,650, OFGEM contributes £11,785 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Things you need to know

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

When you press the ‘Apply now’ button, you will be asked to complete personal details (not seen by the sift panel), and upload a copy of your CV anonymising all details where necessary.  

You will then be asked to supply a personal statement evidencing how you meet the essential and desirable skills and capabilities listed in the role profile. Please ensure you demonstrate clearly, within these answers how you meet each of the essential and desirable skills and capabilities. 

The Civil Service values honesty and integrity and expect all candidates to abide by these principles. Ofgem take any incidences of cheating very seriously. Please ensure all examples provided are of your own experience. Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant applications will be withdrawn from the process. 

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window). The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.